On Mon, Mar 14, 2011 at 06:37:16PM +0100, Julien Cristau wrote: > On Mon, Mar 14, 2011 at 13:00:21 -0400, Eamon Walsh wrote: > > On 03/14/2011 06:04 AM, Julien Cristau wrote: > > > Hi Eamon, > > > > > > we received the report below on the debian bug tracker, would you have > > > any idea about this? > > > > > > On Sun, Mar 13, 2011 at 23:13:21 -0400, Joseph Nahmias wrote: > > > > > > The X server is looking for the file > > /etc/selinux/$POLICYTYPE/contexts/x_contexts. POLICYTYPE is set in > > the /etc/selinux/config file and is usually "targeted." > > > > That file should be part of Debian's SELinux support as it is included > > in the upstream policy. > > > as far as I can tell the selinux-policy-default package comes with > /etc/selinux/default/contexts/x_contexts so I guess that's what should > be used (/etc/selinux/config sets SELINUXTYPE=default). Joe, do you > have that file? I would expect yes, since downgrading to 1.7 makes X > work again.
Hmm, for some reason, I don't have that particular package installed; rather, I have the following: $ dpkg -l selinux-\* Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Description +++-=====================================-============================-================================================================================== ii selinux-basics 0.3.8 SELinux basic support un selinux-policy-default <none> (no description available) un selinux-policy-dev <none> (no description available) un selinux-policy-refpolicy-src <none> (no description available) ii selinux-policy-refpolicy-strict 0.0.20080314-1 Strict variant of the SELinux reference policy ii selinux-policy-refpolicy-targeted 0.0.20080314-1 Targeted variant of the SELinux reference policy ii selinux-utils 2.0.96-1 SELinux utility programs I'll have to check if installing selinux-policy-default fixes my problem, but that's a project for another night... > > If the user does not wish to use the SELinux support for X, the > > "xserver_object_manager" SELinux boolean can be set to false and that > > will prevent the X server from loading the extension. > > > In any case maybe the following patch would make sense, to have a better > idea of why the call failed? > > diff --git a/Xext/xselinux_label.c b/Xext/xselinux_label.c > index e5929fa..94540ce 100644 > --- a/Xext/xselinux_label.c > +++ b/Xext/xselinux_label.c > @@ -358,7 +358,7 @@ SELinuxLabelInit(void) > > label_hnd = selabel_open(SELABEL_CTX_X, &selabel_option, 1); > if (!label_hnd) > - FatalError("SELinux: Failed to open x_contexts mapping in policy\n"); > + FatalError("SELinux: Failed to open x_contexts mapping in policy: > %s\n", strerror(errno)); > } > > void > > Cheers, > Julien --Joe -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110315044755.ga25...@nahmias.net